Post on 23-Dec-2015
2001 Prentice Hall, Inc. All rights reserved.
Chapter 7 – Computer and Network Security
Outline
7.1 Introduction
7.2 Ancient Ciphers to Modern Cryptosystems
7.3 Secret-key Cryptography
7.4 Public Key Cryptography
7.5 Key Agreement Protocols
7.6 Key Management
7.7 Digital Signatures
7.8 Public Key Infrastructure, Certificates and Certification Authorities
7.9 Cryptoanalysis
7.10 Security Protocols
    7.10.1 Secure Sockets Layer (SSL)
    7.10.2 Secure Electronic Transaction™ (SET™)
7.11 Security Attacks
7.12 Network Security
    7.12.1 Firewalls
    7.12.2 Kerberos
    7.12.3 Biometrics
7.13 Steganography
7.1 Introduction
• Internet security
  – Consumers entering highly confidential information
  – Number of security attacks increasing
  – Four requirements of a secure transaction
    • Privacy – information not read by third party
    • Integrity – information not compromised or altered
    • Authentication – sender and receiver prove identities
    • Non-repudiation – legally prove message was sent and received
  – Availability
    • Computer systems continually accessible
7.2 Ancient Ciphers to Modern Cryptosystems
• Cryptography
  – Secures information by encrypting it
  – Transforms data by using a key
    • A string of digits that acts as a password and makes the data incomprehensible to those without it
  – Plaintext – unencrypted data
  – Cipher-text – encrypted data
  – Cipher or cryptosystem – technique for encrypting messages
• Ciphers
  – Substitution cipher
    • Every occurrence of a given letter is replaced by a different letter
  – Transposition cipher
    • Shifts the ordering of letters
  – Modern cryptosystems
    • Digital
    • Key length – length of string used to encrypt and decrypt
7.3 Secret-key Cryptography
• Secret-key cryptography
  – Same key to encrypt and decrypt message
  – Sender sends message and key to receiver
• Problems with secret-key cryptography
  – Key must be transmitted to receiver
  – Different key for every receiver
  – Key distribution centers used to reduce these problems
    • Generates session key and sends it to sender and receiver encrypted with the unique key
• Encryption algorithms
  – Data Encryption Standard (DES), Triple DES, Advanced Encryption Standard (AES)
• Encrypting and decrypting a message using a symmetric key
• Distributing a session key with a key distribution center
7.4 Public Key Cryptography
• Public key cryptography
  – Asymmetric – two inversely related keys
    • Private key
    • Public key
  – If the public key encrypts, only the private key can decrypt, and vice versa
  – Each party has both a public and a private key
  – Either the public key or the private key can be used to encrypt a message
  – Encrypted with public key and private key
    • Proves identity while maintaining security
• RSA public key algorithm www.rsasecurity.com
• Encrypting and decrypting a message using public-key cryptography
• Authentication with a public-key algorithm
7.5 Key Agreement Protocols
• Key agreement protocol
  – Process by which parties can exchange keys
  – Use public-key cryptography to transmit symmetric keys
• Digital envelope
  – Encrypted message using symmetric key
  – Symmetric key encrypted with the public key
  – Digital signature
• Creating a digital envelope
7.6 Key Management
• Key management
  – Handling and security of private keys
  – Key generation
    • The process by which keys are created
    • Must be truly random
7.7 Digital Signatures
• Digital signature
  – Authenticates sender’s identity
  – Run plaintext through hash function
    • Gives message a mathematical value called hash value
    • Hash value also known as message digest
  – Collision
    • Occurs when multiple messages have same hash value
  – Encrypt message digest with private key
  – Send signature, encrypted message (with public key) and hash function
• Timestamping
  – Binds a time and date to message, solves non-repudiation
  – Third party, timestamping agency, timestamps messages
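
The signing steps listed above (hash the plaintext, encrypt the digest with the private key, let the receiver check it with the public key) as an added example that is not part of the original slides. The key pair and sample messages are constructed for illustration, and the toy RSA arithmetic omits padding, so it demonstrates the flow only.

```python
import hashlib

# Constructed toy key pair (an assumption for illustration): two Mersenne
# primes and no padding, which is far too weak for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent

def message_digest(message: bytes) -> int:
    """Run the plaintext through a hash function to get its hash value."""
    value = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return value % N                 # reduced to fit the toy modulus

def sign(message: bytes) -> int:
    """Sender: encrypt the message digest with the private key."""
    return pow(message_digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Receiver: decrypt the signature with the sender's public key and
    compare it with a digest recomputed from the message that arrived."""
    return pow(signature, E, N) == message_digest(message)

if __name__ == "__main__":
    order = b"Pay merchant 25.00"    # constructed sample message
    sig = sign(order)
    print("original message verifies:", verify(order, sig))
    print("altered message verifies: ", verify(b"Pay merchant 95.00", sig))
```

A message altered in transit no longer matches the digest recovered from the signature, which is how the signature provides integrity as well as sender authentication.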
7.8 Public Key Infrastructure, Certificates and Certification Authorities
• Public Key Infrastructure (PKI)
  – Integrates public key cryptography with digital certificates and certification authorities
  – Digital certificate
    • Digital document issued by certification authority
    • Includes name of subject, subject’s public key, serial number, expiration date and signature of trusted third party
  – Verisign (www.verisign.com)
    • Leading certificate authority
  – Periodically changing key pairs helps security
7.9 Cryptoanalysis
• Cryptoanalysis
  – Trying to decrypt ciphertext without knowledge of the decryption key
  – Try to determine the key from ciphertext
7.10 Security Protocols
• Transaction security protocols
  – Secure Sockets Layer (SSL)
  – Secure Electronic Transaction™ (SET™)
7.10.1 Secure Sockets Layer (SSL)
• SSL
  – Uses public-key technology and digital certificates to authenticate the server in a transaction
  – Protects information as it travels over Internet
    • Does not protect once stored on receiver’s server
  – Peripheral component interconnect (PCI) cards
    • Installed on servers to secure data for an SSL transaction
7.10.2 Secure Electronic Transaction™ (SET™)
• SET protocol
  – Designed to protect e-commerce payments
  – Certifies customer, merchant and merchant’s bank
  – Requirements
    • Merchants must have a digital certificate and SET software
    • Customers must have a digital certificate and digital wallet
  – Digital wallet
    • Stores credit card information and identification
  – Merchant never sees the customer’s personal information
    • Sent straight to banks
• Microsoft Authenticode
  – Authenticates file downloads
  – Informs users of the download’s author
7.11 Security Attacks
• Types of security attacks
  – Denial of service attacks
    • Use a network of computers to overload servers and cause them to crash or become unavailable to legitimate users
    • Flood servers with data packets
    • Alter routing tables which direct data from one computer to another
    • Distributed denial of service attack comes from multiple computers
  – Viruses
    • Computer programs that corrupt or delete files
    • Sent as attachments or embedded in other files
  – Worm
    • Can spread itself over a network, doesn’t need to be sent
• Types of viruses
  – Transient virus
    • Attaches itself to specific program
    • Is run every time the program is run
  – Resident virus
    • Once loaded operates for duration of computer’s use
  – Logic bomb
    • Triggers when a given condition is met, such as clock on computer matching a specified time
  – Trojan horse
    • Malicious program that hides within a friendly program
• Web defacing
  – Hackers illegally change the content of a Web site
• Anti-virus software
  – Reactive – goes after already known viruses
  – www.mcafee.com
    • VirusScan scans to search computer for viruses
    • ActiveShield checks all downloads
  – www.symantec.com
    • Another virus software distributor
• Computer Emergency Response Team (CERT®)
  – Responds to reports of viruses and denial of service attacks
  – Provides CERT Security Improvement Modules
7.12 Network Security
• Network security
  – Allow authorized users access
  – Prevent unauthorized users from obtaining access
  – Trade-off between security and performance
7.12.1 Firewalls
• Firewall
  – Protects local area network (LAN) from outside intruders
  – Safety barrier for data flowing in and out
  – Prohibits all data not allowed or permits all data not prohibited
• Types of firewalls
  – Packet-filtering firewalls
    • Rejects all data with local addresses from outside
    • Examine only the source of the content
  – Application level firewalls
    • Attempt to scan data
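
A packet filter of the kind described above, as an added example that is not part of the original slides: it decides on the source address alone, rejects local addresses arriving from outside, and is run once under each default stance ("prohibit all not allowed" and "permit all not prohibited"). The networks, rule lists and sample packets are constructed for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.10.0/24")  # constructed local network

# Two constructed rule sets, one for each default stance.
ALLOW_LIST = [("203.0.113.0/24", "accept"), ("192.168.10.0/24", "accept")]
BLOCK_LIST = [("198.51.100.0/24", "reject")]

def filter_packet(src, arrived_on, rules, default):
    """Decide 'accept' or 'reject' from the packet's source address alone."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "reject"                        # unparseable source address
    # A packet arriving from outside with a local source address is spoofed;
    # check this before the rules so a LAN allow rule cannot let it through.
    if arrived_on == "outside" and addr in LAN:
        return "reject"
    for network, action in rules:              # first matching rule wins
        if addr in ipaddress.ip_network(network):
            return action
    return default                             # no rule matched

# Constructed sample traffic: (source address, interface it arrived on).
PACKETS = [
    ("203.0.113.7", "outside"),    # network on the allow list
    ("198.51.100.9", "outside"),   # network on the block list
    ("192.0.2.44", "outside"),     # source matched by no rule
    ("192.168.10.5", "outside"),   # local address arriving from outside
    ("192.168.10.5", "inside"),    # same address on the LAN side
]

def run(rules, default):
    """Apply one policy to every sample packet and return the decisions."""
    return [filter_packet(src, side, rules, default) for src, side in PACKETS]

if __name__ == "__main__":
    print("prohibit all not allowed: ", run(ALLOW_LIST, "reject"))
    print("permit all not prohibited:", run(BLOCK_LIST, "accept"))
```

The two policies differ only on the third packet, the source that no rule mentions: it is rejected when the default is to prohibit and accepted when the default is to permit.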
7.12.2 Kerberos
• Kerberos
  – Uses symmetric secret-key cryptography to authenticate users in a network
  – Authenticates a client computer and that computer’s authority to access specific parts of the network
7.12.3 Biometrics
• Biometrics
  – Uses unique personal information to identify
    • Examples are fingerprints, eyeball iris scans or face scans
7.13 Steganography
• Steganography
  – Practice of hiding information within other information
• Digital watermarks
  – Hidden within documents and can be shown to prove ownership
• Example of a conventional watermark
Courtesy of Blue Spike, Inc.